umami-mcp-server

Provides an MCP server that exposes Umami Analytics data (websites, stats, pageviews, metrics, and active visitors) as MCP tools for MCP clients like Claude Desktop, VS Code/Copilot, Cursor, and others. Supports local stdio transport or an HTTP Streamable endpoint (/mcp) with session handling.

Evaluated Mar 30, 2026 (21d ago)
Homepage ↗ Repo ↗ Analytics mcp umami analytics claude cursor developer-tools data-access stdio http
⚙ Agent Friendliness
56
/ 100
Can an agent use this?
🔒 Security
48
/ 100
Is it safe for agents?
⚡ Reliability
28
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
72
Error Messages
0
Auth Simplicity
55
Rate Limits
20

🔒 Security

TLS Enforcement
80
Auth Strength
50
Scope Granularity
20
Dep. Hygiene
45
Secret Handling
45

Strengths: HTTPS is used for the hosted MCP URL in documentation, and HTTP-mode credentials are intended to be sent in headers on initialize. Weaknesses: query-parameter credential fallback is explicitly used for Claude Desktop (deprecated), which can leak secrets via logs/history/referrers. No evidence of fine-grained scopes, token-based auth, or secret redaction practices is provided in the README. Rate limiting and detailed security headers/CORS defaults are not described beyond ALLOWED_ORIGINS default '*'.

⚡ Reliability

Uptime/SLA
0
Version Stability
45
Breaking Changes
40
Error Recovery
25
AF Security Reliability

Best When

You want to query Umami Analytics from an MCP-capable assistant tool, either locally (stdio) or via an HTTP deployment for remote clients.

Avoid When

You cannot securely manage UMAMI credentials (env vars/headers/query-string fallback) or require strict, documented API-level throttling and error contract details.

Use Cases

  • Generate analytics reports for a website over a date range
  • Answer traffic questions (top pages, visit patterns)
  • Break down user metrics by country/city, browser, device
  • Monitor active visitors and near-real-time traffic
  • Inspect page traffic over time and investigate traffic drops

Not For

  • Enterprise-grade compliance/security auditing without additional hardening and verification
  • Use cases requiring OAuth/OIDC identity federation
  • Environments needing documented rate-limit guarantees or pagination semantics

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: HTTP headers on MCP initialize (X-Umami-Host, X-Umami-Username, X-Umami-Password) Environment variables for local stdio mode (UMAMI_URL, UMAMI_USERNAME, UMAMI_PASSWORD) Query parameters fallback for clients that cannot send headers (deprecated)
OAuth: No Scopes: No

Authentication is based on Umami host/username/password provided to the MCP server. For the hosted HTTP usage, the README indicates credentials are passed via headers on initialize; for Claude Desktop, it falls back to query parameters, which is weaker from a logging/URL-leak perspective.

Pricing

Free tier: No
Requires CC: No

No pricing details are provided; availability of a hosted instance is mentioned.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Claude Desktop may force credentials into query parameters because custom headers are not supported (deprecated approach noted).
  • Remote HTTP usage requires MCP initialize credentials; mismatched/invalid Umami credentials will prevent tool availability.
  • If the binary path is not absolute or the transport mode/env vars are misconfigured, tools may not show up.

Alternatives

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for umami-mcp-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered